Confirm account phishing email requests
It seems that even the crafters of phishing emails take a break over the weekend. Certainly this weekend the volume of phishing emails was lower than a weekday. The exceptions to the rule are a couple of emails stopped by our email filters over the weekend. One claims to be from Google, and tells the recipient they have been selected by Google. The recipient is informed that more details are contained in an attachment to the email. The attachment however contains malware. The other email that appears in quantity is a PayPal phishing email, requesting that the recipient confirm their account information.
We have picked on the PayPal phishing email for this post, as the Google phishing email is fairly simple. The PayPal email is as shown in Figure A. It uses a fairly realistic PayPal logo. The sender of the email is listed as “Paypal”. Note the second p is lower case. The subject line of the email is “Your Account will expire”. There is one link contained in the email, with the anchor text “Confirm your information now”. A copyright notice is fixed to the bottom of the email, along with a PayPal email identifier. This is designed to convince the recipient that the email is genuine.
The supposed reason for the email is that “unusual activity” has been detected on the recipient’s account. As a consequence (according to the email) the user’s account has been disabled. The email goes on to explain that the user needs to verify they are the owner of the PayPal account, which they can do by clicking on the link contained in the email.
This is a fairly realistic looking phishing email, but it is bogus. The email lacks any sort of salutation, let alone a personalised one. There are some grammatical errors in the email. Finally, mousing over the link shows that it does not lead back to PayPal. Instead it leads to a crude copy of the PayPal site. This fake site looks to lure users into logging in and surrendering their PayPal details. If you receive this email, delete it.